getIdentity refactored
michaelwechner committed Nov 7, 2012
1 parent 8fd781c commit 06d7c89
Showing 1 changed file with 9 additions and 29 deletions.
38 changes: 9 additions & 29 deletions src/webapp/src/java/org/wyona/yanel/servlet/YanelServlet.java
Expand Up @@ -465,7 +465,7 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t
}
} else if (value != null && value.equals("roll-back")) {
log.debug("Roll back ...");
org.wyona.yanel.core.util.VersioningUtil.rollBack(resource, request.getParameter(YANEL_RESOURCE_REVISION), getIdentity(request, map).getUsername());
org.wyona.yanel.core.util.VersioningUtil.rollBack(resource, request.getParameter(YANEL_RESOURCE_REVISION), getIdentity(request, map.getRealm(request.getServletPath())).getUsername());
// TODO: Send confirmation screen
getContent(request, response);
return;
Expand Down Expand Up @@ -1046,8 +1046,8 @@ private Resource getResource(HttpServletRequest request, HttpServletResponse res
private Environment getEnvironment(HttpServletRequest request, HttpServletResponse response) throws ServletException {
Identity identity;
try {
identity = getIdentity(request, map);
Realm realm = map.getRealm(request.getServletPath());
identity = getIdentity(request, realm);
String stateOfView = StateOfView.AUTHORING;
if (yanelUI.isToolbarEnabled(request)) { // TODO: Is this the only criteria?
stateOfView = StateOfView.AUTHORING;
Expand Down Expand Up @@ -1168,14 +1168,14 @@ private void save(HttpServletRequest request, HttpServletResponse response, bool
* @return Null if access is granted and an authentication response if access is denied
*/
private HttpServletResponse doAccessControl(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

// INFO: Get identity, realm, path
Identity identity;
Realm realm;
String path;
try {
identity = getIdentity(request, map);
realm = map.getRealm(request.getServletPath());
identity = getIdentity(request, realm);
log.warn("DEBUG: Identity retrieved: " + identity);
path = map.getPath(realm, request.getServletPath());
} catch (Exception e) {
throw new ServletException(e.getMessage(), e);
Expand Down Expand Up @@ -1285,7 +1285,8 @@ private HttpServletResponse doAccessControl(HttpServletRequest request, HttpServ
return response;
} else {
try {
log.warn("Authentication was successful for user: " + getIdentity(request, map).getUsername());
log.warn("DEBUG: Authentication was successful for user: " + identity.getUsername());
//log.warn("Authentication was successful for user: " + getIdentity(request, map).getUsername());
} catch (Exception e) {
log.error(e.getMessage(), e);
}
Expand Down Expand Up @@ -1761,16 +1762,6 @@ private void write(InputStream in, OutputStream out, HttpServletRequest request,
}
}

/**
* Get the identity from the given request (associated with a realm) or via the 'Authorization' HTTP header in the case of BASIC or DIGEST
* @param request Client/Servlet request
* @param map Map in order to determine realm
* @return Identity if one exist, or otherwise an empty identity
*/
private static Identity getIdentity(HttpServletRequest request, Map map) throws Exception {
return getIdentity(request, map.getRealm(request.getServletPath()));
}

/**
* @deprecated Use {@link #getIdentity(HttpSession, String)} instead
* Get the identity from the HTTP session (associated with the given request) for a specific realm
Expand All @@ -1780,18 +1771,6 @@ private static Identity getIdentity(HttpServletRequest request, Map map) throws
*/
public static Identity getIdentity(HttpSession session, Realm realm) throws Exception {
return getIdentity(session, realm.getID());
/*
if (session != null) {
IdentityMap identityMap = (IdentityMap)session.getAttribute(IDENTITY_MAP_KEY);
if (identityMap != null) {
Identity identity = (Identity)identityMap.get(realm.getID());
if (identity != null && !identity.isWorld()) {
return identity;
}
}
}
return null;
*/
}

/**
Expand Down Expand Up @@ -1841,6 +1820,7 @@ public static void setIdentity(Identity identity, HttpSession session, Realm rea
private static Identity getIdentity(HttpServletRequest request, Realm realm) throws Exception {
Identity identity = getIdentity(request.getSession(false), realm);
if (identity != null) {
log.warn("DEBUG: Identity from session: " + identity);
return identity;
}

Expand Down Expand Up @@ -2185,8 +2165,8 @@ private HttpServletResponse generateResponse(View view, Resource res, HttpServle
OutputStream os = response.getOutputStream();
try {
Usecase usecase = new Usecase(TOOLBAR_USECASE);
Identity identity = getIdentity(request, map);
Realm realm = map.getRealm(request.getServletPath());
Identity identity = getIdentity(request, realm);
String path = map.getPath(realm, request.getServletPath());
// NOTE: This extra authorization check is necessary within a multi-realm environment, because after activating the toolbar with a query string, the toolbar flag attached to the session will be ignored by doAccessControl(). One could possibly do this check within doAccessControl(), but could be a peformance issue! Or as an alternative one could refactor the code, such that the toolbar session flag is realm aware.
if(realm.getPolicyManager().authorize(path, identity, usecase)) {
Expand Down Expand Up @@ -2726,7 +2706,7 @@ Differentiate between hits, pageviews (only html or also PDF, etc.?) and visits
}

// TBD/TODO: What if user has logged out, but still has a persistent cookie?!
Identity identity = getIdentity(request, map);
Identity identity = getIdentity(request, realm);
if (identity != null && identity.getUsername() != null) {
accessLogMessage = accessLogMessage + AccessLog.encodeLogField("u", identity.getUsername());

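Review bot: In doAccessControl the success message now reads `identity.getUsername()` from the variable assigned at the top of the method, before the authentication step ran, so it may name the pre-login identity rather than the user who just authenticated. The code between the two hunks is not visible here, so confirm whether `identity` is refreshed after login, and otherwise keep a fresh lookup such as `getIdentity(request, realm).getUsername()`. The three added `log.warn("DEBUG: ...")` calls (identity retrieved, identity from session, authentication successful) sit on the request path at WARN level, and two of them concatenate the whole `Identity` object, whose string form is not shown in this diff. Using `log.debug` with only the username would keep the warn-level log usable for real authentication events and avoid writing more identity detail than intended. The commented-out `getIdentity(request, map)` line refers to the overload this commit deletes and can be dropped.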
